[all] Update to v1.0.0 (#67)

Updates: * [all] Change to follow SM v1.0 SBI (OpenSBI) * [all] Fix compilation error for the new toolchain (RV32/RV64) * [CI] moved from TravisCI to CircleCI * [examples] Add return value checking for tests (`--retval` flag in the test runner) * [src/host] Host doesn't need to initialize Untrusted Memory Resolves #48 * [all] Fix formatting * [tests] Replace ValidMeasure test with deterministic measurement test Issues Resolved: #48
keystone-enclave · Feb 27, 2021 · 24a5ed3 · 24a5ed3
1 parent 337f8bd
commit 24a5ed3
Show file tree

Hide file tree

Showing 32 changed files with 205 additions and 162 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -0,0 +1,69 @@
+# Use the latest 2.1 version of CircleCI pipeline process engine. See: https://circleci.com/docs/2.0/configuration-reference
+version: 2.1
+
+# prebuilt docker images with toolchain
+executors:
+ setup-rv64gc:
+ docker:
+ - image: keystoneenclaveorg/keystone:init-rv64gc
+ setup-rv32gc:
+ docker:
+ - image: keystoneenclaveorg/keystone:init-rv32gc
+
+
+commands:
+ update-riscv-toolchain-path:
+ steps:
+ - run: echo 'export PATH=/keystone/riscv64/bin:/keystone/riscv32/bin:$PATH' >> $BASH_ENV
+ setup-test:
+ steps:
+ - run:
+ command: |
+ /keystone/sdk/tests/scripts/setup_test.sh
+ apt -y update
+ apt -y install python3-pip clang-format
+ pip3 install cpplint
+
+jobs:
+ build-install-examples-test-format-64:
+ executor: setup-rv64gc
+ working_directory: /keystone/sdk
+ steps:
+ - checkout
+ - update-riscv-toolchain-path
+ - setup-test
+ - run:
+ name: "Build, install, build examples, test, and format check (rv64)"
+ command: |
+ mkdir build64
+ cd build64
+ export KEYSTONE_SDK_DIR=$(pwd)
+ cmake ..
+ make
+ make install
+ make examples
+ make check
+ make uninstall
+ make format
+ build-install-examples-32:
+ executor: setup-rv32gc
+ working_directory: /keystone/sdk
+ steps:
+ - checkout
+ - update-riscv-toolchain-path
+ - run:
+ name: "Build, install, build examples (rv32)"
+ command: |
+ mkdir build32
+ cd build32
+ export KEYSTONE_SDK_DIR=$(pwd)
+ cmake .. -DRISCV32=y
+ make
+ make install
+ make examples
+
+workflows:
+ build-and-test:
+ jobs:
+ - build-install-examples-test-format-64
+ - build-install-examples-32
diff --git a/.travis.yml b/.travis.yml
diff --git a/examples/hello-native/CMakeLists.txt b/examples/hello-native/CMakeLists.txt
@@ -36,7 +36,7 @@ target_include_directories(${host_bin}
 
 set(eyrie_files_to_copy .options_log eyrie-rt)
 add_eyrie_runtime(${eapp_bin}-eyrie
- "origin/master"
+ "v1.0.0"
  ${eyrie_plugins}
  ${eyrie_files_to_copy})
 

diff --git a/examples/hello/CMakeLists.txt b/examples/hello/CMakeLists.txt
@@ -25,7 +25,7 @@ target_link_libraries(${host_bin} ${KEYSTONE_LIB_HOST} ${KEYSTONE_LIB_EDGE})
 
 set(eyrie_files_to_copy .options_log eyrie-rt)
 add_eyrie_runtime(${eapp_bin}-eyrie
- "origin/master"
+ "v1.0.0"
  ${eyrie_plugins}
  ${eyrie_files_to_copy})
 

diff --git a/examples/tests/CMakeLists.txt b/examples/tests/CMakeLists.txt
@@ -46,7 +46,7 @@ add_custom_command(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/add_long.S
  ${CMAKE_CURRENT_BINARY_DIR}/add_long.S
  ${CMAKE_CURRENT_SOURCE_DIR}/long-nop/nop.s
  ${CMAKE_CURRENT_SOURCE_DIR}/long-nop/func_base.s
- ${CMAKE_CURRENT_SOURCE_DIR}/long-nop/nop.h 
+ ${CMAKE_CURRENT_SOURCE_DIR}/long-nop/nop.h
 )
 target_link_libraries(long-nop ${KEYSTONE_LIB_EAPP})
 
@@ -78,7 +78,12 @@ set(test_script ${CMAKE_CURRENT_BINARY_DIR}/run-test.sh)
 file(WRITE ${test_script_tmp} "")
 foreach (test IN ITEMS ${all_test_bins})
  file(APPEND ${test_script_tmp} "echo 'testing ${test}'\n")
- file(APPEND ${test_script_tmp} "./${host_bin} ${test} eyrie-rt\n")
+ if (EXISTS ${CMAKE_CURRENT_SOURCE_DIR}/${test}/retval)
+ execute_process(COMMAND cat ${CMAKE_CURRENT_SOURCE_DIR}/${test}/retval OUTPUT_VARIABLE retval)
+ file(APPEND ${test_script_tmp} "./${host_bin} ${test} eyrie-rt --retval ${retval}")
+ else()
+ file(APPEND ${test_script_tmp} "./${host_bin} ${test} eyrie-rt\n")
+ endif()
 endforeach(test)
 
 file(COPY ${test_script_tmp} DESTINATION ${CMAKE_CURRENT_BINARY_DIR}
@@ -99,7 +104,7 @@ target_link_libraries(${host_bin} ${KEYSTONE_LIB_HOST} ${KEYSTONE_LIB_EDGE} ${KE
 
 set(eyrie_files_to_copy .options_log eyrie-rt)
 add_eyrie_runtime(test-eyrie
- "origin/master"
+ "v1.0.0"
  ${eyrie_plugins}
  ${eyrie_files_to_copy})
 

diff --git a/examples/tests/attestation/retval b/examples/tests/attestation/retval
@@ -0,0 +1 @@
+0
diff --git a/examples/tests/data-sealing/retval b/examples/tests/data-sealing/retval
@@ -0,0 +1 @@
+0
diff --git a/examples/tests/fibonacci/retval b/examples/tests/fibonacci/retval
@@ -0,0 +1 @@
+14930352
diff --git a/examples/tests/long-nop/retval b/examples/tests/long-nop/retval
@@ -0,0 +1 @@
+12345
diff --git a/examples/tests/loop/retval b/examples/tests/loop/retval
@@ -0,0 +1 @@
+54321
diff --git a/examples/tests/malloc/retval b/examples/tests/malloc/retval
@@ -0,0 +1 @@
+11411
diff --git a/examples/tests/stack/retval b/examples/tests/stack/retval
@@ -0,0 +1 @@
+12345
diff --git a/examples/tests/test-runner.cpp b/examples/tests/test-runner.cpp
@@ -58,7 +58,7 @@ main(int argc, char** argv) {
  if (argc < 3 || argc > 8) {
  printf(
  "Usage: %s <eapp> <runtime> [--utm-size SIZE(K)] [--freemem-size "
- "SIZE(K)] [--time] [--load-only] [--utm-ptr 0xPTR]\n",
+ "SIZE(K)] [--time] [--load-only] [--utm-ptr 0xPTR] [--retval EXPECTED]\n",
  argv[0]);
  return 0;
  }
@@ -69,13 +69,16 @@ main(int argc, char** argv) {
  size_t untrusted_size = 2 * 1024 * 1024;
  size_t freemem_size = 48 * 1024 * 1024;
  uintptr_t utm_ptr = (uintptr_t)DEFAULT_UNTRUSTED_PTR;
+ bool retval_exist = false;
+ unsigned long retval = 0;
 
  static struct option long_options[] = {
  {"time", no_argument, &self_timing, 1},
  {"load-only", no_argument, &load_only, 1},
  {"utm-size", required_argument, 0, 'u'},
  {"utm-ptr", required_argument, 0, 'p'},
  {"freemem-size", required_argument, 0, 'f'},
+ {"retval", required_argument, 0, 'r'},
  {0, 0, 0, 0}};
 
  char* eapp_file = argv[1];
@@ -100,6 +103,10 @@ main(int argc, char** argv) {
  case 'f':
  freemem_size = atoi(optarg) * 1024;
  break;
+ case 'r':
+ retval_exist = true;
+ retval = atoi(optarg);
+ break;
  }
  }
 
@@ -126,7 +133,12 @@ main(int argc, char** argv) {
  asm volatile("rdcycle %0" : "=r"(cycles3));
  }
 
- if (!load_only) enclave.run();
+ uintptr_t encl_ret;
+ if (!load_only) enclave.run(&encl_ret);
+
+ if (retval_exist && encl_ret != retval) {
+ printf("[FAIL] enclave returned a wrong value (%d != %d)\r\n", encl_ret, retval);
+ }
 
  if (self_timing) {
  asm volatile("rdcycle %0" : "=r"(cycles4));

diff --git a/examples/tests/untrusted/retval b/examples/tests/untrusted/retval
@@ -0,0 +1 @@
+13
diff --git a/include/app/syscall.h b/include/app/syscall.h
@@ -16,20 +16,19 @@
 #define SYSCALL_GET_SEALING_KEY 1004
 #define SYSCALL_EXIT 1101
 
-#define SYSCALL(which, arg0, arg1, arg2, arg3, arg4) \
- ({ \
- register uintptr_t a0 asm("a0") = (uintptr_t)(arg0); \
- register uintptr_t a1 asm("a1") = (uintptr_t)(arg1); \
- register uintptr_t a2 asm("a2") = (uintptr_t)(arg2); \
- register uintptr_t a3 asm("a3") = (uintptr_t)(arg3); \
- register uintptr_t a4 asm("a4") = (uintptr_t)(arg4); \
- register uintptr_t a7 asm("a7") = (uintptr_t)(which); \
- asm volatile( \
- "ecall" \
- : "+r"(a0) \
- : "r"(a1), "r"(a2), "r"(a3), "r"(a4), "r"(a7) \
- : "memory"); \
- a0; \
+#define SYSCALL(which, arg0, arg1, arg2, arg3, arg4) \
+ ({ \
+ register uintptr_t a0 asm("a0") = (uintptr_t)(arg0); \
+ register uintptr_t a1 asm("a1") = (uintptr_t)(arg1); \
+ register uintptr_t a2 asm("a2") = (uintptr_t)(arg2); \
+ register uintptr_t a3 asm("a3") = (uintptr_t)(arg3); \
+ register uintptr_t a4 asm("a4") = (uintptr_t)(arg4); \
+ register uintptr_t a7 asm("a7") = (uintptr_t)(which); \
+ asm volatile("ecall" \
+ : "+r"(a0) \
+ : "r"(a1), "r"(a2), "r"(a3), "r"(a4), "r"(a7) \
+ : "memory"); \
+ a0; \
  })
 
 #define SYSCALL_0(which) SYSCALL(which, 0, 0, 0, 0, 0)

diff --git a/include/host/Enclave.hpp b/include/host/Enclave.hpp
@@ -66,7 +66,7 @@ class Enclave {
  const char* eapppath, const char* runtimepath, Params _params,
  uintptr_t alternatePhysAddr);
  Error destroy();
- Error run();
+ Error run(uintptr_t* ret = nullptr);
 };
 
 uint64_t

diff --git a/include/host/KeystoneDevice.hpp b/include/host/KeystoneDevice.hpp
@@ -28,7 +28,7 @@ class KeystoneDevice {
 
  private:
  int fd;
- Error __run(bool resume);
+ Error __run(bool resume, uintptr_t* ret);
 
  public:
  virtual uintptr_t getPhysAddr() { return physAddr; }
@@ -42,8 +42,8 @@ class KeystoneDevice {
  uintptr_t runtimePhysAddr, uintptr_t eappPhysAddr, uintptr_t freePhysAddr,
  struct runtime_params_t params);
  virtual Error destroy();
- virtual Error run();
- virtual Error resume();
+ virtual Error run(uintptr_t* ret);
+ virtual Error resume(uintptr_t* ret);
  virtual void* map(uintptr_t addr, size_t size);
 };
 
@@ -62,8 +62,8 @@ class MockKeystoneDevice : public KeystoneDevice {
  uintptr_t runtimePhysAddr, uintptr_t eappPhysAddr, uintptr_t freePhysAddr,
  struct runtime_params_t params);
  Error destroy();
- Error run();
- Error resume();
+ Error run(uintptr_t* ret);
+ Error resume(uintptr_t* ret);
  void* map(uintptr_t addr, size_t size);
 };
 

diff --git a/include/host/Memory.hpp b/include/host/Memory.hpp
@@ -23,7 +23,9 @@ namespace Keystone {
 /*
  * These are used to make use of C type-checking..
  */
-typedef struct { uintptr_t pte; } pte;
+typedef struct {
+ uintptr_t pte;
+} pte;
 
 #define pte_val(x) ((x).pte)
 
@@ -70,11 +72,11 @@ class Memory {
  Memory();
  ~Memory() {}
  virtual void init(
- KeystoneDevice* dev, uintptr_t phys_addr, size_t min_pages) = 0;
- virtual uintptr_t readMem(uintptr_t src, size_t size) = 0;
+ KeystoneDevice* dev, uintptr_t phys_addr, size_t min_pages)  = 0;
+ virtual uintptr_t readMem(uintptr_t src, size_t size)  = 0;
  virtual void writeMem(uintptr_t src, uintptr_t dst, size_t size) = 0;
- virtual uintptr_t allocMem(size_t size) = 0;
- virtual uintptr_t allocUtm(size_t size) = 0;
+ virtual uintptr_t allocMem(size_t size)  = 0;
+ virtual uintptr_t allocUtm(size_t size)  = 0;
  bool allocPage(uintptr_t eva, uintptr_t src, unsigned int mode);
  size_t epmAllocVspace(uintptr_t addr, size_t num_pages);
 

diff --git a/include/host/common.h b/include/host/common.h
@@ -28,7 +28,7 @@
 /* Currently we have only one command avaiable from the enclave.
  * We need to move it out to other header file (e.g., keystone-sm.h) */
 #define KEYSTONE_ENCLAVE_DONE 0
-#define KEYSTONE_ENCLAVE_INTERRUPTED 2
-#define KEYSTONE_ENCLAVE_EDGE_CALL_HOST 11
+#define KEYSTONE_ENCLAVE_INTERRUPTED 100002
+#define KEYSTONE_ENCLAVE_EDGE_CALL_HOST 100011
 
 #endif
diff --git a/include/host/keystone_user.h b/include/host/keystone_user.h
@@ -7,7 +7,6 @@
 
 #include <linux/ioctl.h>
 #include <linux/types.h>
-#include <stdint.h>
 // Linux generic TEE subsystem magic defined in <linux/tee.h>
 #define KEYSTONE_IOC_MAGIC 0xa4
 
@@ -25,6 +24,12 @@
 #define KEYSTONE_IOC_UTM_INIT \
  _IOR(KEYSTONE_IOC_MAGIC, 0x07, struct keystone_ioctl_create_enclave)
 
+#define RT_NOEXEC 0
+#define USER_NOEXEC 1
+#define RT_FULL 2
+#define USER_FULL 3
+#define UTM_FULL 4
+
 struct runtime_params_t {
  uintptr_t runtime_entry;
  uintptr_t user_entry;
@@ -61,24 +66,8 @@ struct keystone_ioctl_create_enclave {
 
 struct keystone_ioctl_run_enclave {
  uintptr_t eid;
- uintptr_t entry;
- uintptr_t args_ptr;
- uintptr_t args_size;
- uintptr_t ret;
-};
-
-struct keystone_hash_enclave {
- uintptr_t epm_paddr;
- uintptr_t epm_size;
- uintptr_t utm_paddr;
- uintptr_t utm_size;
-
- uintptr_t runtime_paddr;
- uintptr_t user_paddr;
- uintptr_t free_paddr;
-
- uintptr_t untrusted_ptr;
- uintptr_t untrusted_size;
+ uintptr_t error;
+ uintptr_t value;
 };
 
 #endif